Phishing for insights not passwords!
Вставка
- Опубліковано 10 жов 2023
- You have a well-run phishing program with scheduled simulations that keep your users informed and tested. You provide regular education to keep them up to date on criminal activity, but what else can you do to reduce risk?
By collecting and analyzing email filtering metrics, you can develop a more effective phishing program that helps you identify and address areas that need improvement, ultimately reducing your risk of compromise. Conducting targeted phishing simulations and measuring their effectiveness are also critical steps in minimizing the risk of phishing attacks.
During this presentation, you'll learn about three effective methods for staying ahead of criminal activities. Cathy will share examples of how email filtering metrics can be utilized to provide valuable insights, including near real-time feedback to users, a comprehensive overview of determining high-risk areas, and identification of ongoing malicious campaigns. Using email filtering metrics to inform your phishing program, you can create a more effective and targeted training program that helps your users become more aware of the dangers of phishing attacks and how to avoid them.
Carrier launched its Security Awareness program in March 2021, following its split from UTC. We were challenged to build an industry-leading Security Awareness program for a global remote audience amid the COVID-19 pandemic.
In February 2023, the Security Awareness team had a recruit - an associate from Carrier’s Digital Technology Leadership Program (DTLP), who would do an 8-month rotation in Security Awareness. To challenge her, we encouraged her to come up with a strategy to achieve our 2023 goal of getting 1,000 cyber champions (we call them the Enterprise Defenders) in just 10 business days. Between Feb 28 and Mar. This session outlines how she achieved this.
The audience will get actionable takeaways and tips that include:
-The advantage of using someone without experience, like an intern
-Timing the campaign. We coincided it with International Women’s Day
-How to win over your audience. Our DTLP came up with a CyberSHEurity
Empowering Women in Cybersecurity campaign.
-How to use common tools like Microsoft to run the campaign.
-How to get leadership support
SANS Security Awareness: Managing Human Risk Summit 2023
Phishing for insights not passwords!
Speaker: Cathy Click, National and Global Campaigns for FedEx Information Security
View upcoming Summits: www.sans.org/u/DuS
